How to Tell If a Microsoft Security-Related Message Is Genuine
September 19, 2003

Microsoft regularly sends e-mail to subscribers of security e-mail notification services when theyrelease a Microsoft Security Bulletin.

Unfortunately, malicious individuals have been known to send bogus bulletins that appear to be coming from Microsoft, a tactic known as spoofing. Some of these messages lure recipients to malicious Web sites to download malicious code, while others include a file attachment containing a virus.

Learn What to Look For
Fortunately, there are ways to spot the imposters. Here's how to verify that a Microsoft security-related message you receive is legitimate:

The message contains no attachments. Authentic Microsoft Security Bulletin notifications never include software updates as attachments. Rather, we refer customers to the complete version of the bulletin on our Web site, which provides a link to the update. Most Microsoft software updates are made through Microsoft® Windows® Update, Microsoft Office Update, or the Microsoft Download Center.

The message is digitally signed. The Microsoft Security Response Center always signs its bulletin notifications before distributing them. You can verify the signature by using the key published on Microsoft TechNet.

Verify the digital signature on TechNet

The bulletin is listed on Microsoft.com. We never send notices about security updates until after we publish information about them on our Web site. If you are ever in doubt about the authenticity of a Microsoft Security Bulletin notice, check TechNet to see if the bulletin is listed there.

Review the list of recent bulletins

Example of a Bogus Bulletin
Counterfeit security communications can appear quite convincing, as was the case with the fraudulent e-mail that was used to distribute the Swen worm.

If in doubt call your Raven account manager.